Add basic secrets processing for GitHub integration #246
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -75,3 +75,22 @@ jobs: | |
| run: | | ||
| echo Pubber output logs: | ||
| cat pubber.out || true | ||
|
|
||
| terraform: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout source | ||
| uses: actions/[email protected] | ||
| - name: Setup config | ||
| env: | ||
| TERRAFORM_CONFIG: ${{ secrets.TERRAFORM_CONFIG }} | ||
| if: "${{ env.TERRAFORM_CONFIG != '' }}" | ||
| run: | | ||
| base64 -d <<< "$TERRAFORM_CONFIG" > config.sh | ||
| cat config.sh | fgrep -v _CREDS= | ||
| - name: Setup terraform | ||
| run: (! test -f config.sh) || (source config.sh; cloud/gcp/bin/setup) | ||
| - name: Init terraform | ||
| run: (! test -f config.sh) || (source config.sh; cloud/gcp/bin/init) | ||
| - name: Apply terraform | ||
| run: (! test -f config.sh) || (source config.sh; cloud/gcp/bin/apply) | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| #!/bin/bash -ex | ||
|
|
||
| cd $(realpath $(dirname $0)/..) | ||
|
|
||
| echo Applying terraform to project ${GCP_PROJECT_NAME} | ||
|
|
||
| terraform apply |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| #!/bin/bash -e | ||
|
|
||
| echo Cleaning existing state... | ||
|
|
||
| terraform state rm `terraform state list` | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| #!/bin/bash -ex | ||
|
|
||
| cd $(realpath $(dirname $0)/..) | ||
|
|
||
| echo Initializing terraform for project ${GCP_PROJECT_NAME} | ||
|
|
||
| for file in main.tf udmi-sites.tf terraform.tfvars; do | ||
| if [[ ! -f $file ]]; then | ||
| echo Configuration file $file does not exist, did you run bin/setup? | ||
| false | ||
| fi | ||
| done | ||
|
|
||
| terraform init $* | ||
|
|
||
| terraform import google_project.udmi-project ${GCP_PROJECT_NAME:?} | ||
|
There was a problem hiding this comment. This must be removed because the state already includes the project |
||
|
|
||
| terraform import google_storage_bucket.tf-bucket ${GCP_PROJECT_NAME}-terraform | ||
|
There was a problem hiding this comment. This must be removed because the state already includes the storage bucket |
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| #!/bin/bash -e | ||
|
|
||
| cd $(realpath $(dirname $0)/..) | ||
|
|
||
| CRED_FILE=auth/credentials.json | ||
| CONFIG_FILE=config.out | ||
|
|
||
| if [[ -f $CRED_FILE ]]; then | ||
| echo Cowardly refusing to overwrite existing $CRED_FILE | ||
| else | ||
| echo Writing creds to $CRED_FILE | ||
| base64 -d <<< "${GCP_PROJECT_CREDS:?}" > $CRED_FILE | ||
| fi | ||
|
|
||
| cat <<EOF > $CONFIG_FILE | ||
| export GCP_PROJECT_NAME=${GCP_PROJECT_NAME:?} | ||
| export GCP_PROJECT_ID=${GCP_PROJECT_ID:?} | ||
| export GCP_PROJECT_REGION=${GCP_PROJECT_REGION:?} | ||
| export GCP_PROJECT_GROUP=${GCP_PROJECT_GROUP:?} | ||
| export GCP_PROJECT_CREDS="`base64 -w 0 $CRED_FILE`" | ||
| export UDMI_SITE_NAME=${UDMI_SITE_NAME:?} | ||
| export UDMI_SITE_REGION=${UDMI_SITE_REGION:?} | ||
| export UDMI_SITE_GROUP=${UDMI_SITE_GROUP:?} | ||
| EOF | ||
|
|
||
| echo Config saved to $CONFIG_FILE | ||
| sha256sum $CONFIG_FILE $CRED_FILE | ||
| cat $CONFIG_FILE | fgrep -v _CREDS= | ||
|
|
||
| echo Creating main.tf | ||
| sed -E < main.tf.template > main.tf \ | ||
| -e "s/@GCP_PROJECT_ID@/${GCP_PROJECT_ID}/" | ||
|
|
||
| echo Creating udmi-sites.tf | ||
| sed -E < udmi-sites.tf.template > udmi-sites.tf \ | ||
| -e "s/@UDMI_SITE_NAME@/${UDMI_SITE_NAME}/" \ | ||
| -e "s/@UDMI_SITE_REGION@/${UDMI_SITE_REGION}/" \ | ||
| -e "s/@UDMI_SITE_GROUP@/${UDMI_SITE_GROUP}/" | ||
|
|
||
| echo Creating terraform.tfvars | ||
| sed -E < terraform.tfvars.template > terraform.tfvars \ | ||
| -e "s/@GCP_PROJECT_NAME@/${GCP_PROJECT_NAME}/g" \ | ||
| -e "s/@GCP_PROJECT_ID@/${GCP_PROJECT_ID}/" \ | ||
| -e "s/@GCP_PROJECT_REGION@/${GCP_PROJECT_REGION}/" \ | ||
| -e "s/@GCP_PROJECT_GROUP@/${GCP_RPOJECT_GROUP}/" | ||
|
|
||
| echo Done with terraform setup. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The terraform state is kept in the remote backend bucket, it must not be erased